| Vulnerability Name: | CVE-2001-1088 (CCN-6655) | ||||||||
| Assigned: | 2001-06-05 | ||||||||
| Published: | 2001-06-05 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Jun 05 2001 - 06:09:27 CDT SECURITY.NNOV: Outlook Express address book spoofing Source: MITRE Type: CNA CVE-2001-1088 Source: CONFIRM Type: UNKNOWN http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241 Source: CCN Type: OSVDB ID: 1852 Microsoft Outlook Address Book Spoofing Source: BUGTRAQ Type: Exploit, Vendor Advisory 20010605 SECURITY.NNOV: Outlook Express address book spoofing Source: BID Type: Exploit, Vendor Advisory 2823 Source: CCN Type: BID-2823 Microsoft Outlook Express Address Book Spoofing Vulnerability Source: XF Type: UNKNOWN outlook-address-book-spoofing(6655) Source: XF Type: UNKNOWN outlook-address-book-spoofing(6655) Source: CCN Type: Microsoft Knowledge Base Article 234241 XCLN: Outlook & Outlook Express Don't Notify User When Reply To Address Differs from the From Address | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||